Okay, so I know how to do some stuff. I can make a great cup of coffee, carry a decent conversation, and write words good. However, I’m always looking to learn. Recently, I’ve been interested in cybersecurity. I had limited knowledge of this (I myself use an encryption service for my personal passwords), but I did not know all that goes into cybersecurity on a larger scale.
At this point, I decided to talk to our friend Ben Reinken. He’s been working at Appspace (a Romega partner) for four years, almost three of which as a Cloud and DevOps Engineer. He also consults on Romega’s security practices and infrastructure. When I wanted to learn about how to keep my data safe, I knew exactly where to turn.
What I learned from Ben are basic things any business should keep in mind. Pull up a chair and join in on the conversation by contacting us!
AS: What are the most common cybersecurity issues for businesses?
BR: One of the most important things is password management and complexity. You need to define and enforce company-wide password rules that cover the number and types of characters required for a password. The business should have regulations on how often passwords need to be changed. Rules like these can go a long way in protecting a business from security breaches.
Another common risk that businesses need to be aware of is email phishing scams. Email has become one of the easiest ways for cyber attackers to gain access to personal and business data. There are a variety of methods these attackers use. Most often, an attacker’s email deceives users into providing their login information by masquerading as a trusted company or system. They prompt the user to follow a link in the email and enter their username and password. It is always safer to go to your browser and navigate to the site directly. Links can deceive users by sending them to a website that looks familiar. Instead, it captures your account information.
Encouraging all members of the organization to report suspicious emails and warning everyone about common email phishing attempts is important.
AS: To your comment on passwords, say my business had a shared spreadsheet with all our business passwords to keep everyone in the know. Is that secure enough?
BR: The security community agrees: Passwords should never dwell on an unencrypted document, let alone be written down. I would even go so far as to say passwords shouldn’t be sent in an email unless they are temporary. Change those in 48 hours or less. Also, one of the easiest ways to secure your accounts is to enable two-factor authentication (2FA) anytime you see the option.
Strong encryption is a standard practice for password management today. Thankfully there are some great applications and services that make it relatively simple to implement for any size business.
AS: Which password management service would be best for a personal account? Small business? Large business?
BR: I use 1Password for personal and business accounts and highly recommend it. 1Password implements end-to-end encryption with several layers of protection. It’s also very user-friendly for people accessing stored passwords on a day-to-day basis. I highly recommend 1Password for personal and small to medium-sized businesses. (Note from Abbie: That’s what we use at Romega!)
Another password manager I have used is LastPass, which implements strong encryption and targets larger businesses with its enterprise feature set. These services are not free but are a great investment towards securing your personal and business passwords.
AS: Who should and shouldn’t have access to information like passwords?
BR: Businesses should grant the minimum amount of access required to any individual or system to perform their jobs. This includes passwords, user access roles to various systems, and file and directory permissions. Granting access to any information carries a level of risk whether it lives on a local computer, shared files in the cloud or stored internal file sharing methods across a company. By minimizing access to passwords and systems, you also minimize security risk, which is a win for any business.
AS: So, I came up with this great username: Admin. What do you think?
BR: Exchange generic or default usernames for something more obscure if possible. Password strength and management are far more important than usernames in terms of security, but staying away from usernames like administrator and root is a good idea.
AS: What can happen if my online data isn’t secure?
BR: Transparency is becoming increasingly important for companies that store your data online. From private companies to federal agencies, there is a responsibility to monitor security attacks and communicate openly with their client base if data has been compromised. Pay attention to reports of data breaches and notifications from companies you trust to reset your password or improve your account security. Using a password manager to generate strong, unique passwords for every online account you create is a great way to minimize your personal risk in case your online data is compromised.
AS: I haven’t updated any of my operating systems in 50 years. Am I good?
BR: Not really. We recommend installing the latest updates for your operating system as soon as you get the prompt. They will include fixes for known security vulnerabilities. This has never been more important than now. Multiple severe security flaws at the operating system level were discovered and patched over just the past few years. This is a complex problem in larger organizations. The IT department will usually manage it centrally by testing and approving upgrades before pushing them out to all devices in the organization.
AS: I use my own laptop at Romega. Sarah gets her Romega emails on her phone. Braden uses his iPad to take notes during meetings. What can we do to make sure we don’t accidentally endanger our business?
BR: Recent advancements protect all types of devices as well as the data that’s stored on them. First step: ensure that your laptops, mobile devices, and tablets have a password or passcode. If the device is lost or stolen, there are options to remotely delete all your data to prevent it from being compromised on some mobile devices.
Most major operating systems have built-in disk encryption options for laptops. They are easy to set up and highly effective at protecting your data even if the laptop is lost. Network security in office spaces is a major risk if not secured properly. Set up the latest encryption and strongest passwords for your wireless networks. These are essential steps to protecting the data crucial to your business.
We hold our security practices to the highest standards – keeping our info and our clients’ info safe. Look out for a future blog post featuring Ben’s input detailing how Romega handles our clients’ data.